The political and economic landscape has rarely felt more uncertain. Trade policies shift. Regulatory frameworks evolve. Geopolitical tensions create ripple effects across supply chains. Public sentiment changes seemingly overnight.

Yet many businesses remain unprepared for when crisis hits. Not because they don’t recognise the risks, but because scenario planning feels like something for later, when there’s more time, more resources, more clarity about what might actually happen.

Here’s the problem with that thinking: by the time a crisis arrives, it’s already too late to be planning for it.

Why businesses struggle with scenario planning

Some organisations do scenario planning well. Regulated sectors like energy, housing, utilities, and financial services have little choice. Strict governance requirements and mandatory risk registers keep them thinking through potential crises and testing their readiness.

But for many other businesses, scenario planning either doesn’t happen at all or exists as a static document created once and never revisited. The reasons are familiar: limited resources, competing priorities, uncertainty about where to start, or the assumption that “it won’t happen to us.”

The irony is that the businesses most likely to say they can’t afford to do scenario planning are often the ones who can least afford not to.

What effective scenario planning looks like

Effective scenario planning isn’t about predicting the future or preparing for every conceivable event. It’s about building practical foresight, thinking through plausible crises so you’re not starting from zero when disruption strikes.

Organisations should consider scenarios across these core risk areas:

• Workplace accidents or environmental incidents
• Cyber-attacks, ransomware, or system failures
• Fire or physical damage to facilities
• Virus outbreaks or workforce health emergencies
• Reputational crises from social media or investigations
• Legal disputes that threaten operations
• Misinformation or fake news that damages credibility

Each scenario should outline what the crisis looks like, who’s involved in the response, what immediate actions are required, how communication will flow, and what resources are needed.

The difference between a box-ticking exercise and true preparedness?
Constantly cross-referencing your plans with the real world.

Why context changes everything

A cyber-attack scenario written in 2020 may have been technically sound, but is it still relevant in 2025? A reputational crisis now spreads faster across today’s digital platforms than it did five years ago. Scenarios become outdated the moment the context around them changes.

To stay ahead, organisations should regularly review their crisis plans against:

• Risk registers: Are new risks emerging? Are existing ones escalating or fading?
• The news cycle: What’s dominating public and political attention?
• Policy shifts: How could new government priorities or regulations affect your operations?
• Regulatory updates: Are there enforcement trends or new compliance pressures in your industry?
• Public consultations: Even indirect policy areas, housing, planning, environmental reform, can create ripple effects.

The organisations that navigate uncertainty best aren’t those with crystal balls. They’re the ones that pay attention to early signals and update their thinking accordingly.

The cost of not planning

When businesses neglect scenario planning, or do it poorly, the consequences become visible the moment crisis hits.

Thames Water’s ongoing financial and regulatory crisis is a clear example.
Years of underinvestment, rising environmental scrutiny, and weak contingency planning left the company facing record fines and requiring emergency financial support. Ignoring scenarios around regulatory change, infrastructure failure, or funding pressure turned a long-term risk into a public collapse.

In August 2025, Jaguar Land Rover was forced to halt production for several weeks following a major cyber-attack.
The disruption didn’t stop at its factories, it rippled across its entire supply chain.
Component manufacturers, logistics partners, and small suppliers faced cash flow strain and operational paralysis. Many hadn’t anticipated such a scenario or built contingency measures. It showed how one organisation’s crisis can cascade through an entire ecosystem, and how few had modelled that risk in advance.

And the UK car-finance mis-selling scandal, which has triggered an estimated £11 billion in compensation claims, shows how legal and compliance risks can escalate when warning signs go unheeded.
The pattern is clear: organisations that only plan for business-as-usual find themselves overwhelmed when disruption arrives.
And in today’s environment, disruption is not a matter of if, but when.

Making scenario planning practical

The argument that “we don’t have resources for scenario planning” often really means “we don’t know where to start.”

At Shadrock Advisory, we help organisations break the process into manageable steps, starting with the most relevant crisis types and exploring what preparedness looks like in reality.
That means understanding operational impact, identifying who would lead the response, and stress-testing decision-making and communication structures.

You don’t need elaborate simulations to begin (though both can add value).
What matters is cross-functional collaboration, senior leaders, communications teams, and operational managers working together to test assumptions and clarify responsibilities.

Then, and this is critical, build in regular review points.
Quarterly at minimum. Ask:

• What’s changed in our risk register, political landscape, or regulatory framework?
• What new scenarios do we need to consider?
• Which existing ones need updating?

Regulated sectors do this because governance demands it. But the discipline is valuable for every organisation. The businesses that emerge strongest from crises are rarely those lucky enough to avoid them, they’re the ones that thought ahead.

The time to start is now

Political uncertainty isn’t going away. Economic pressures are mounting. Technology evolves faster than most organisations can adapt.
The operating environment for business is more complex, and more unpredictable, than it has been in decades.

That’s not an argument for paralysis. It’s an argument for preparation.

Scenario planning won’t prevent crises. But it dramatically improves your ability to respond when they happen. It means your first crisis meeting isn’t spent figuring out who should be in the room, you already know. You’re not drafting communications under pressure, you have frameworks ready. You can move quickly and confidently because you’ve already thought through the terrain.

In an uncertain climate, that preparation isn’t a luxury. It’s a fundamental requirement for organisational resilience.

If a crisis hit tomorrow, would your organisation know how to respond?
If the answer gives you pause, it’s time to start scenario planning.